Enhanced Password Protection Installation and Configuration Guide

C•CURE ® 800/8000 

Version 9.4 

Enhanced Password Protection 

Installation and Configuration Guide 

REVISION I0 

70 Westview Street 

Lexington, MA 02421 

http://www.swhouse.com 

Fax: 781-466-9550 Phone: 781-466-6660

C•CURE ® and Software House ® are registered trademarks of Tyco International Ltd. and its 

Respective Companies. 

Certain Product names mentioned herein may be trade names and/or registered trademarks 

of other companies. Information about other products furnished by Software House is 

believed to be accurate. However, no responsibility is assumed by Software House for the use 

of these products, or for an infringement of rights of the other companies that may result from 

their use. 

C•CURE ® 800/8000 Version: 9.4 

Document Number: UM-118 

Revision: I0 

Release Date: August 2008 

This manual is proprietary information of Software House. Unauthorized reproduction of any 

portion of this manual is prohibited. The material in this manual is for information purposes 

only. It is subject to change without notice. Software House assumes no responsibility for 

incorrect information this manual may contain. 

© Copyright © 2008 Tyco International Ltd. and its Respective Companies. 

All Rights Reserved

Table of Contents 

Preface 

How to Use this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi 

Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii 

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ix 

Chapter 1 

Chapter 2 

Chapter 3 

Chapter 4 

C•CURE Enhanced Password Protection 

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 

Creating Users and User Groups in a Domain 

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 

Creating User Groups on a Windows 2003 

Domain Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 

Creating a Manager User Account on a 

Windows 2003 Domain Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 

Adding the Manager Account to the CCURE Group . . . . . . . . . . . . . . . . . . . . . . 2-11 

Installing C•CURE Enhanced Password Protection 

Using the C•CURE 800/8000 DVD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 

Installing C•CURE Enhanced Password 

Protection Over the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 

Running the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 

Novell Setup for C•CURE 800/8000 Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 

Performing Post-installation Tasks 

Setting File and Directory Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 

Enhanced Password Protection Installation and Configuration Guide 

iii

Table of Contents 

Setting File and Directory Privileges In Windows 2003 or XP . . . . . . . . . . . . . . . . . . . 4-2 

Adding additional users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 

Password Policy Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7 

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 

Managing Password Policy Locally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 

C•CURE Idle Time-out. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9 

User Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12 

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 

Deleting a C•CURE User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 

Disabling and Enabling an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 

Modifying a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 

Chapter 5 

Uninstalling 


Uninstalling The Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-2 

Index 

iv 

Enhanced Password Protection Installation and Configuration Guide

Preface 

The C•CURE Enhanced Password Protection Installation and Configuration Guide 

is for users who choose to use the C•CURE Enhanced Password Protection 

feature. The manual describes the feature and presents procedures for 

installing and configuring it. 

This manual assumes that the C•CURE 800/8000 system has been installed. 

In this preface 

How to Use this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi 

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ix 


v

Preface 

How to Use this Manual 

This manual includes the following sections. Turn to the appropriate section 

for the information you need. 

Chapter 1, “C•CURE Enhanced Password Protection” 

This chapter describes the C•CURE Enhanced Password Protection feature 

and its concepts. 

Chapter 2, “Creating Users and User Groups in a Domain” 

This chapter describes the pre-installation tasks for computers in a domain. 

Chapter 3, “Installing C•CURE Enhanced Password Protection” 

This chapter describes the installation procedures and setup with Novell 

software. 

Chapter 4, “Performing Post-installation Tasks” 

This chapter describes the tasks you have to perform after you install 

C•CURE Enhanced Password Protection. 

Chapter 5, “Uninstalling C•CURE Enhanced Password Protection” 

This chapter describes the uninstall procedures. 

vi 


Preface 

Finding More Information 

In addition to this manual, you may find the following manuals useful. 

Software House Hardware Manuals 

The following Software House manuals are available with the products, and 

online at the Software House website. 

• iSTAR Pro Installation and Configuration Guide 

• iSTAR Pro Quick Start Guide 

• iSTAR eX Installation and Configuration Guide 

• apC/8X Installation and Configuration Guide 

• apC/L Installation and Configuration Guide 

Software House Software Manuals 

The following Software House manuals are available with the products, and 

online at the Software House website. 

• C•CURE 800/8000 Installation Guide 

• C•CURE 800/8000 Getting Started Guide 

• C•CURE 800/8000 Hardware Configuration Guide 

• C•CURE 800/8000 Third Party Hardware & Services Guide 

• C•CURE 800/8000 Personnel Configuration Guide 

• C•CURE 800/8000 Software Configuration Guide 

• C•CURE 800/8000 Video Guide 

• C•CURE 800/8000 Reports Guide 

• C•CURE 800/8000 System Maintenance Guide 

• C•CURE 800/8000 Monitoring Station Guide 

• C•CURE ID User’s Guide 

• C•CURE 800/8000 Advanced User’s Guide 


vii

Preface 

• C•CURE 800/8000 ODBC Configuration Guide 

You can also access the guides that are online from the C•CURE 800/8000 

Help menu. You need to install the Adobe Acrobat reader and copy the 

appropriate PDF files from the C•CURE 800/8000 Supplemental DVD. See 

the C•CURE 800/8000 Installation Guide for more information. 

You can access C•CURE 800/8000 Help by pressing F1 or clicking Help from 

the menu bar in the Administration/Monitoring Station applications. 

You can get help for the Windows products by selecting Help from the 

specific Windows Start menu or by going to the Microsoft web site at 

www.microsoft.com. 

viii 


Preface 

Conventions 

This manual uses the following text formats and symbols. 

Convention 

Bold 

Regular italic font 

 

Meaning 

This font indicates screen elements, and also indicates when you 

should take a direct action in a procedure. 

Bold font describes one of the following items: 

• A command or character to type, or 

• A button or option on the screen to press, or 

• A key on your keyboard to press 

• A screen element or name 

Indicates a new term. 

Indicates a variable. 

The following items are used to indicate important information. 

NOTE 

Indicates a note. Notes call attention to any item of information that may 

be of special importance. 

TIP 

Indicates an alternate method of performing a task. 

Indicates a caution. A caution contains information essential to avoid 

damage to the system. A caution can pertain to hardware or software. 

Indicates a warning. A warning contains information that advises users 

that failure to avoid a specific action could result in physical harm to the 

user or to the hardware. 

Indicates a danger. A danger contains information that users must know 

to avoid death or serious injury. 


ix

Preface 

x 


1 

C•CURE Enhanced 

Password Protection 

This chapter provides a conceptual overview of the C•CURE Enhanced 

Password Protection features. 

In this chapter 

Introduction ...................................................................................................................... 1-2 

Overview ........................................................................................................................... 1-3 

Enhanced Password Protection Installation and Configuration Guide 1–1

Introduction 

Introduction 

C•CURE 800/8000 has an Enhanced Password Protection feature that 

increases the overall security of the C•CURE 800/8000 applications. C•CURE 

Enhanced Password Protection provides the ability to Validate C•CURE 800/ 

8000 users and allow access only to valid users. 

Without the use of Enhanced Password Protection, C•CURE 800/8000 

applications use traditional authentication. These applications present a login 

screen upon startup. This allows you to create a single, standard username 

and password that all C•CURE 800/8000 users can use as their validation into 

C•CURE 800/8000 applications. 

C•CURE Enhanced Password Protection solves both the security and 

multiple log in issues by requiring that each user be uniquely identified 

within the operating system. When a defined user logs into the computer, the 

user’s local workstation username is then applied by the C•CURE 800/8000 

system to validate and assign privileges to the user within the 

C•CURE 800/8000 system. Using the operating system for account 

management provides additional features such as password ageing, account 

lockout and complexity rules. 

The C•CURE Enhanced Password Protection feature moves the 

authentication process from C•CURE 800/8000 to the operating system and 

also provides tools for locking or terminating C•CURE 800/8000 when a 

station is left unattended. 

When the C•CURE Enhanced Password Protection feature is used in 

conjunction with the policy management system provided by the operating 

system, administrators can create highly secure systems that do the following: 

• Meet the demands of most applications requiring extensive security. 

• Comply with organizational standards for computer security. 

NOTE 

This document assumes that the reader is familiar with the concepts of 

Windows administration, policy administration, and domains. Lack of 

knowledge in these areas could make the system insecure or at the very 

least limit the usefulness of the C•CURE 800/8000 changes. 

1–2 Enhanced Password Protection Installation and Configuration Guide

Overview 

Overview 

C•CURE Enhanced Password Protection is a separate installation process that 

upgrades the existing C•CURE 800/8000 system installation. This allows a 

base system to be installed and tested before applying enhanced security 

features. 

C•CURE Enhanced Password Protection provides the ability to do both of the 

following: 

• Validate C•CURE users and allow access to valid users only. 

• Secure unused or idle workstations. 

Previously, C•CURE 800/8000 applications used only traditional 

authentication, presenting a login screen at startup. The traditional method 

allows you to create a single, standard username and password that all 

C•CURE 800/8000 users can use as their validation for C•CURE 800/8000 

applications. This approach, however, is not practical in organizations 

requiring greater security because users must log in twice to use C•CURE 

800/8000: 

• Once—through the Windows logon method. 

• For a second time—into the C•CURE application. 

C•CURE Enhanced Password Protection solves both the security and 

multiple login issues by requiring each user to be uniquely identified within 

the operating system. When a defined user logs onto the computer, the 

C•CURE system then applies the user’s Windows username to validate the 

user within C•CURE 800/8000 and assign privileges to that user. 

Using the operating system for account management also provides additional 

features such as password aging, account lockout, and complexity rules. 

Once C•CURE Enhanced Password Protection is implemented, the C•CURE 

800/8000 applications no longer present the login screen at startup. C•CURE 

800/8000 applications open only when a defined C•CURE 800/8000 user logs 

onto the computer with C•CURE Enhanced Password Protection. It is, 

therefore, essential that all users who require access to C•CURE 800/8000 

have a Windows user account matching their C•CURE 800/8000 user 

account. 


Overview 

C•CURE Enhanced Password Protection can be set up only for computers in 

a domain, as documented in Chapter 2, “Creating Users and User Groups in a 

Domain”. When C•CURE Enhanced Password Protection is implemented for 

domain computers, the following two scenarios are possible, the first is the 

usual one and the second is an exceptional case: 

• All computers are in the domain—users on any computer in the domain, 

once logged onto the computer, do not see the login screen when they 

open the C•CURE 800/8000 Monitoring Station or Administration 

application. 

• A computer not in the domain connects to the network—the user tries to 

open the C•CURE 800/8000 Monitoring Station or Administration 

application and is denied access. The system displays a message such as 

that shown in Figure 1-1 on page 1-4. 

Figure 1-1: User Authorization Failure Message 

To secure the system even further, you can use the tools provided to lock idle 

workstations—locking the screen while maintaining running applications in 

the background. 

This feature is similar to the screen saver mechanism built into the operating 

system, except for the additional options and settings provided by C•CURE 

Enhanced Password Protection that cannot be overridden by a user without 

administrative privileges. 


2 

Creating Users and 

User Groups in a 

Domain 

This chapter describes pre-installation tasks for installing C•CURE Enhanced 

Password Protection in a domain. 


Introduction ...................................................................................................................... 2-2 

Creating User Groups on a Windows 2003 Domain Controller ............................... 2-3 

Creating a Manager User Account on a Windows 2003 Domain Controller.......... 2-8 

Adding the Manager Account to the CCURE Group ............................................... 2-11 


Introduction 

Introduction 

To create new user groups and user accounts for installing C•CURE 

Enhanced Password Protection in a Domain, you must log into the Windows 

2003 domain on the domain controller computer, using the Windows 

administration account. 

You must perform these procedures on the domain controller. 


Creating User Groups on a Windows 2003 Domain Controller 

Creating User Groups on a Windows 2003 

Domain Controller 

To Create a User Group 

1. Click Start and select Settings>Control Panel. The Control Panel opens 

(see Figure 2-1). 

Figure 2-1: Windows Control Panel 

2. Double-click Administrative Tools. The Administrative Tools dialog 

box opens, giving you access to the local configuration tools (see 

Figure 2-2 on page 2-4). 



Figure 2-2: Administrative Tools Dialog Box 

3. Double-click Active Directory Users and Computers. The Active 

Directory Users and Computers dialog box opens (see Figure 2-3). 

4. Select Users in the tree-view on the left. 

Figure 2-3: Active Directory Users and Computers Dialog Box 



5. Right-click Users (on the left) and select New>Group from the shortcut 

menu. The New Object - Group dialog box opens, for you to specify the 

group details (see Figure 2-4). 

Figure 2-4: New Object - Group Dialog Box 

6. Type CCURE in the Group Name box. The Group name (pre-Windows 

2003) box automatically fills with the name of the group you enter. 



7. Click OK. The group is now created. The Active Directory Users and 

Computers dialog box reopens, with the new CCURE user group entered 

in the list in the right-hand pane, as shown in Figure 2-5 on page 2-6. 

Figure 2-5: Active Directory Users and Computers Dialog Box with CCURE User Group 

8. Right-click the CCURE group and select Properties from the shortcut 

menu. The Properties dialog box opens (see Figure 2-6). 



Figure 2-6: Properties Dialog Box 

9. Type a descriptive message in the Description box. 

10. Click OK. 

After you create the C•CURE user group, create the manager user account. 


Creating a Manager User Account on a Windows 2003 Domain Controller 

Creating a Manager User Account on a 

Windows 2003 Domain Controller 

Traditionally C•CURE has a built-in account called manager, which is used to 

define all users in the C•CURE system. To access this account in the C•CURE 

system, you must have a matching Windows manager user account of the 

same name. 

The following instructions show you how to create the manager account. You 

can use the same procedure to create other user accounts as well. 

NOTE 

Software House recommends that you create the manager account before 

creating all other C•CURE user accounts. 

To Create a Manager Account 

1. Once you have created the CCURE group, reopen the Active Directory 

Users and Computers dialog box and select Users in the tree-view on the 

left (see Figure 2-7). 




2. Right-click Users (on the left) and select New>User from the shortcut 

menu. The New Object - New User dialog box opens (see Figure 2-8). 

Figure 2-8: New Object - User Dialog Box 

3. Type manager in the User Logon name box. 

NOTE 

The username manager is case sensitive. Type it in lower case. 

4. Type the user’s first and last name in the appropriate boxes. 

5. Click Next. The password dialog box opens (see Figure 2-9). 

Figure 2-9: New Object - Users Dialog Box with the Password Information 



6. Type a password in the Password box and retype it in the Confirm 

password box. 

7. Ensure that all other options are cleared. 

8. Click Next. 

9. Click Finish. 

Once you have created both the user group and manager user account, you 

add the manager account to the user group. 


Adding the Manager Account to the CCURE Group 


The following procedure shows you how to add the manager user account 

you created in the preceding section to the C•CURE Group created in the first 

section (“Creating User Groups on a Windows 2003 Domain Controller” on 

page 2-3). 

You can also use these procedures to add other users to the C•CURE Group. 

To Add the Manager Account to the CCURE User Group 

1. In the Active Directory Users and Computers dialog box, select Users in 

the tree-view on the left (see Figure 2-10). 


2. Right-click the newly created manager account and select Properties from 

the shortcut menu. The Properties dialog box opens. 

3. Click the Member of tab (see Figure 2-11 on page 2-12). 



Figure 2-11: Properties Dialog Box (Member Of Tab) 

4. Click Add; the Select Groups dialog box opens. 

5. Select the C•CURE group you created earlier (searching for it, if 

necessary) and click OK. 

The Member of list updates with the C•CURE group that you have 

selected. 

You have created a new manager account and made it a member of the 

C•CURE group. You can now use the same basic procedures to add more 

C•CURE users. See: 

• Creating a user account on page 2-8. 

• Adding the user to the C•CURE group on page 2-11. 

Once you have created all of the user accounts needed and added them to the 

C•CURE group, continue the installation process, as documented in 

Chapter 3, “Installing C•CURE Enhanced Password Protection”. 


3 

Installing C•CURE 

Enhanced Password 

Protection 

This chapter describes Enhanced Password Protection installation 

procedures. 


Using the C•CURE 800/8000 DVD............................................................................... 3-2 

Installing C•CURE Enhanced Password Protection Over the Network ................. 3-3 

Running the Installation.................................................................................................. 3-4 


Using the C•CURE 800/8000 DVD 

Using the C•CURE 800/8000 DVD 

The C•CURE Enhanced Password Protection software is located on the 

C•CURE 800/8000 DVD. The directory location is: 

D:\Installs\PasswordProtection\setup.exe 

(where D: denotes your DVD drive). 

To Install the Software from the C•CURE 800/8000 DVD 

1. Log onto the computer with the appropriate privileges. For information 

on system privileges, see the C•CURE 800/8000 Installation Guide. 

2. Insert the C•CURE 800/8000 DVD in the computer’s DVD drive. 

NOTE 

If you are using a shared DVD drive on another machine, you can install 

C•CURE Enhanced Password Protection over the network. See “Installing 

C•CURE Enhanced Password Protection Over the Network” on page 3-3. 


Installing C•CURE Enhanced Password Protection Over the Network 

Installing C•CURE Enhanced Password 

Protection Over the Network 

To Install Enhanced Password Protection over the Network 

1. Insert the C•CURE 800/8000 DVD into the DVD drive. 

2. On another computer, connect to the DVD drive over the network. 

For information about sharing DVD drives, refer to your Microsoft 

documentation or see your system administrator. 


Running the Installation 


Running the C•CURE 800/8000 Installation Program 

1. From Windows Explorer, navigate to: 

:\Installs\PasswordProtection\setup.exe 

2. Double-click setup.exe. The installation shield starts up and a Message 

box appears, as shown in Figure 3-1 on page 3-4. 

Figure 3-1: Password Protection Installation Message 

3. Click OK. A Question dialog box appears, as shown in Figure 3-2 on 

page 3-4. 

Figure 3-2: Password Protection Installation Question 

4. Click OK. A Question Warning dialog box appears, as shown in 

Figure 3-3 on page 3-5. 



Figure 3-3: Password Protection Installation Warning 

Be sure that you read and understand the information in this warning 

before you click Yes to continue the install process. Also, be sure that you 

have a license for Password Protection before you install the software. 

Contact your dealer if you have any questions. 

5. Click Yes to continue the installation process. The Welcome window 

opens, as shown in Figure 3-4 on page 3-5. 

Figure 3-4: Welcome WIndow 



6. Click Next. The Information Window opens as shown in Figure 3-5 on 

page 3-6, with details about the product release version. 

Figure 3-5: Information Window 

7. Click Next. The C•CURE Enhanced Password Protection files are now 

copied to the computer’s hard drive. 

The C•CURE Password Protection Install Completed Window opens as 

shown in Figure 3-6 on page 3-7. 



Figure 3-6: C•CURE Password Protection Install Completed Window 

8. Select Yes to restart now. 

NOTE 

You must restart the computer to complete the installation. 

9. Click Finish. 

10. Restart your computer. 

After the computer restarts, complete the post-installation tasks documented 

in Chapter 4, “Performing Post-installation Tasks”. 


Novell Setup for C•CURE 800/8000 Client 


Novell ® is a provider of Net services software that secures and powers all 

types of networks: intranets, the Internet, and extranets, across various 

operating systems. 

The major feature of Novell's NetWare 5.1 ® operating system, is the Novell 

Directory Services (NDS). NDS is a centralized, hierarchical, relational 

database of all network resources, including e-mail resources and Windows 

resources and domains. NDS, along with numerous product features (for 

example, Novell Distributed Print Services and ZENWorks), distinguish the 

NetWare 5.1 operating system as a system that can be utilized in all-sized 

networks and in most environments. 

The following steps provide the method to integrate C•CURE 800/8000 

Client Software Version 9.1.0 Enhanced Password Protection with Novell Net 

services software. 

To Set Up Novell for Use with C•CURE 800/8000 Client 

1. On a PC with Novell Netware Client Software installed and configured, 

verify connection to your organization’s network resources. 

2. Perform a clean installation of C•CURE 800/8000 Client Software Version 

9.1.0 and use the restart option. See the C•CURE 800/8000 Installation 

Guide for more information. 

3. Create a Local User group in Windows called C•CURE 800 and assign 

this group to the security NTFS permissions to the CCure800, 

CCure800DLC folders 

4. Create individual users in Windows and assign them to the C•CURE 800 

group. You can also automate this with using the “Dynamic Local User” 

option with Novell. 

5. Ensure that the same usernames that are in Windows are also setup as 

users in C•CURE 800/8000. 

6. Install C•CURE 800/8000 Enhanced Password Protection. Follow the 

default instructions for the installation. See “Installing C•CURE 

Enhanced Password Protection Over the Network” on page 3-3. 



7. The installation will detect that Novell is installed and on the client and 

install the proper CCUREXPGina.dll, CCGKMT.exe, CCEPPCPL.cpl, and 

Native.exe files in to the Windows\System32 folder. 

8. Restart your client machine and log into your Novell client. Verify 

connection to your organization’s network resources. 

9. Launch the C•CURE 800/8000 Administration Client. The application 

will open without displaying a login prompt. 

10. Launch the C•CURE 800/8000 Monitoring Client. The application should 

also open without displaying a login prompt. 




4 

Performing Postinstallation 

Tasks 

This chapter describes the tasks that you must complete after you install 

C•CURE Enhanced Password Protection. 

You must complete all the tasks in this chapter to run C•CURE Enhanced 

Password Protection correctly. 


Setting File and Directory Privileges............................................................................. 4-2 

Password Policy Management....................................................................................... 4-7 

C•CURE Idle Time-out ................................................................................................... 4-9 

User Account Management .......................................................................................... 4-12 


Setting File and Directory Privileges 


Software House recommends that you change the operating system access 

rights of all C•CURE files to limit them to members of the Windows CCURE 

group. You must do this to provide additional security and ensure that only 

authorized personnel have access to C•CURE applications. 

The operating system limits file and directory privileges to NTFS file 

systems only. Files located on FAT file system cannot be protected in this 

way. 

Setting File and Directory Privileges In Windows 2003 or XP 

The following procedure is for setting file and directory privileges on a 

Windows 2003 or XP standalone computer. 

To Set Up File and Directory Privileges 

1. From Windows Explorer, as shown in Figure 4-1 on page 4-3, select all the 

CCURE installation directories: CCURE800, CCURE800DLC, and 

ENREPORTS. 

a. Select the drive on which the C•CURE directories reside (the default is 

C:\). 

b. Select the C•CURE directories from the right-hand pane while holding 

down the CTRL key. 



Figure 4-1: Selecting CCURE Directories 

2. Right-click the installation directories and select Properties from the 

shortcut menu. The Properties dialog box opens, as shown in Figure 4-2 

on page 4-3. 

3. Click the Security tab. 


4. Click Add. The Select Users or Groups dialog box opens, as shown in 




Figure 4-3: Select Users or Groups Dialog Box 

5. Type CCURE in the Enter the object names to select box. 

6. Click Check Names. The name appears correctly formatted. 

7. Click OK to return to the Properties dialog box. 

8. Click Advanced. The Advanced Security Settings dialog box opens, as 

shown in Figure 4-4 on page 4-4. 

Figure 4-4: Advance Security Settings for Dialog Box 

9. Clear the Inherit from parent the permissions... option. The Security 

confirmation box opens, as shown in Figure 4-5 on page 4-5. 



Figure 4-5: Security Confirmation Box 

10. Click Copy. 

11. Select the Replace permission entries on all... option on the Advanced 

Security Settings dialog box. 

12. Click OK. The Properties dialog box reappears, displaying the CCURE 

group, as shown in Figure 4-6 on page 4-5. 


13. Select the CCURE group and ensure that the Full Control option is 

selected in the Permissions for CCURE list. 

14. Repeat the process to add other accounts, as required. 



15. Remove any groups that you do not want to have access to the C•CURE 

files: 

a. Selecting the group in the Group or user names list. 

b. Click Remove. 

16. Click OK. 

Adding additional users 

You can add additional CCURE users to the Windows user group. See 

“Adding the Manager Account to the CCURE Group” on page 2-11. 


Password Policy Management 


Overview 

A system administrator can enforce the following rules on user passwords 

using the Windows policy management system for a domain: 

• A minimum password length – requires passwords to contain at least a 

certain number of characters (0 to 14 characters) 

• Password complexity – enforces simple rules on the password, such as 

the following: 

• Cannot contain all or part of the user's account name 

• Must be at least six characters in length 

• Must contain characters from three of the following four categories: 

– English uppercase characters (A through Z) 

– English lowercase characters (a through z) 

– Base 10 digits (0 through 9) 

– No alphanumeric characters (e.g.,!, $, #,%) 

• Maximum password age – forces users to change their passwords 

regularly. You can define a maximum expiration date between 0 to 999 

days. 

• Password history – stops the reuse of a defined number of old passwords. 

You can set the number between 0 to 24 passwords. 

• Minimum password age – stops users from changing their password 

before the defined expiration occurs. You can define a minimum 

expiration date between 0 to 999 days. 

You can also set Local Security Policy from the Administrative Tools dialog 

box as documented in the following section. 



Managing Password Policy Locally 

To manage password policy for Windows 2003 and XP 

1. Click Start and select Settings>Control Panel. The Control Panel Opens. 

2. Double-click Administrative Tools. The Administrative Tools dialog 

box opens. 

3. Double-click Local Security Policy. The Local Security Settings dialog 

box opens, as shown in Figure 4-7 on page 4-8. 

4. Select Account policies and then password policy in the tree-view pane 

on the left. 

Figure 4-7: Windows Local Security Settings Dialog Box 

5. Make changes to the settings in the Policy pane on the right, as required. 


C•CURE Idle Time-out 


You can use a control panel utility to set time-outs and exclusions on the 

C•CURE Enhanced Password Protection Settings dialog box. 

By default, C•CURE systems display a warning message if the computer is 

left idle for a specified period of time. If the user does not acknowledge the 

warning in the time specified, the computer is locked. The user last using the 

computer must unlock it. Only then can C•CURE 800/8000 applications be 

accessed again. 

To Use the CCure EPP Settings Utility 

1. Click Start and select Settings>Control Panel. The Control Panel opens. 

2. Double-click CCURE Settings. The C•CURE Enhanced Password 

Protection Settings dialog box opens, as shown in Figure 4-8 on page 4-9. 

Figure 4-8: CCURE Enhanced Password Protection Settings Dialog Box 



3. Confirm or change the Timeout Warning or Inactivity Lock Out or 

Logoff settings and enter exclusions according to the information given in 

Table 4-1 on page 4-10. 

4. Click OK. 

Changes made to the settings apply to all computer users, not just 

C•CURE users. 

Configuring the system to log users out can cause data loss if open 

applications are unable to save the current state prior to the logout. 

Therefore, before you enable this option, consider the consequences 

carefully, especially to non-C•CURE users and applications. 

You are also able to exclude specific applications from the lockout setting. 

Table 4-1: CCURE Enhanced Password Protection Settings Dialog Box 

Field/Button 

Description 

General Box 

Timeout Warning 

Inactivity Lock Out or Logoff 

Timeout warning is the length of time in seconds before 

the inactivity warning appears on the computer screen 

informing users they are about to be logged off or locked 

out. If the user responds to the warning message, the timeout 

counters in C•CURE are reset and the time-out process 

restarts. Any keyboard or mouse activity also causes the 

time-out counters to reset. When there is normal computer 

activity, the warning message does not display. If you use 

the parameters shown in Figure 4-8 on page 4-9, the 

timeout message is displayed after ten minutes of inactivity. 

The Inactivity Lock Out or Logoff time is also specified in 

seconds and runs in parallel with the Timeout warning. If 

this time is exceeded, the user is logged off or locked out. In 

the example in Figure 4-8 on page 4-9 the computer is 

locked after 20 minutes of inactivity or 10 minutes after the 

warning. 



Table 4-1: CCURE Enhanced Password Protection Settings Dialog Box, continued 

Field/Button 

Idle Timeout Selection 

Description 

Select this option to specify if the computer should be 

locked or logged out when the inactivity timeout is reached. 

By default this box is selected when the system locks the 

screen, keyboard, and mouse. All current applications and 

tasks continue running in the background, but are not visible 

until the machine is unlocked. Only the current user or an 

administrator can unlock the computer by entering his or her 

username and password. 

Clearing this option causes all user applications to be 

terminated and the current user to be logged out. Any user 

can then log into the computer normally. (See the caution 

below.) 

NOTE: Terminating applications in this manner may lead to 

data loss if the users do not save their work when 

the timeout period occurs. See the section exclusion 

lists below. 

Exclusions Box 

Exclusions 1 - 6 

Under certain circumstances you might want to disable the 

inactivity timeout period if certain applications are running 

on the system. You can exclude applications by entering the 

program process name in the Exclusion list. 

Example: 

The Exclusion list should contain winword.exe if the 

inactivity timer should not timeout while Word for 

Windows is running. 


User Account Management 


Overview 

Full utilization of the security features of C•CURE Enhanced Password 

Protection requires a two-stage process for creating C•CURE 800/8000 user 

accounts. 

1. Unique definition of each of the users of the operating system within 

Windows. 

2. Assignment within C•CURE 800 itself of the access rights associated with 

each of those users. 

You can create the Windows accounts on either of the following: 

• The local computer. 

• The network domain controller computer. 

Domain controllers provide the means to centrally manage one or more 

machines within a domain. (Configuring and managing domain 

controllers is outside the scope of this document. If you need more 

information on this topic, contact the relevant network manager or person 

responsible for domains at your site.) 

For more information about creating Windows accounts, see Chapter 2, 

“Creating Users and User Groups in a Domain”. 

Deleting a C•CURE User Account 

You must complete the following two steps to delete a user account. 

1. Remove the user from the list of C•CURE 800/8000 users within the 

C•CURE 800 system. 

A C•CURE 800/8000 administrator can use the Personnel tool to remove a 

user from the list of authorized C•CURE users. Doing this denies the user 

access to the C•CURE 800/8000 applications, but still permits him or her 

access to the computer and other applications. 



Unless the user’s Windows group permissions are changed, the user still 

has access to CCURE data files, which could lead to a potential security 

risk. 

2. Remove the user account from the Windows operating systems user 

group. A Windows administrator should then remove the user’s account 

from the operating system. 

If you need to reinstate users you must add them back to the system as 

documented in Chapter 2, “Creating Users and User Groups in a Domain”. 

To Remove the User from a Windows 2003 or XP System 


2. Double-click Administrative Tools. The Administrative Tools dialog box 

opens. 

3. Double-click Computer Management. The Computer Management 

dialog box appears, as shown in Figure 4-9 on page 4-13. 

4. Select Local Users and Groups>Users. 

Figure 4-9: Windows Computer Management Dialog Box 



5. Right-click the username you want to delete and select Delete from the 

shortcut menu. 

The following confirmation dialog box opens. 

Figure 4-10: Local Users and Groups Confirmation Message 

6. Click Yes to confirm the deletion. The user’s account is completely 

removed, preventing him or her from logging onto the computer. 

Disabling and Enabling an Account 

You can temporarily disable a user account using the Computer Management 

dialog box. 

To Disable or Enable an Account in a Windows 2003 or XP System 

1. Open the Computer Management dialog box, as shown in Figure 4-9 on 

page 4-13. 


3. Right-click on the user you want to disable or enable and select Properties 

from the shortcut menu. The Properties dialog box opens, as shown in 





4. To: 

• Disable an account - select the Account is disabled option. 

• Enable an account- clear the Account is disabled option. 

5. Click Apply and then click OK. 

Modifying a Password 

C•CURE Enhanced Password Protection uses the operating system for 

password management. 

Windows 2003 and XP allow passwords to be changed in two different ways: 

1. You can change your password yourself as follows: 

a. Press CTRL-ALT-DEL. 

b. On the Windows Security dialog box, select Change Password. 

A prompt asks you to enter your existing password, then the new 

password and a confirmation password before making the change. 

2. The system administrator can reset any user’s password from the 

Computer Management dialog box, as shown in the following procedure 

on page 4-16. 



To Change the Password in Windows 2003 or XP 

1. Open the Computer Management dialog box, as shown in Figure 4-9 on 

page 4-13. 


3. Right-click the username of the user whose password you want to reset 

and select Set Password from the shortcut menu. 

• A warning dialog box opens, as shown in Figure 4-12 on page 4-16. 

Figure 4-12: Set Password Warning 

– Click Proceed. The Set Password dialog box opens, as shown in 


Figure 4-13: Set Password for Dialog Box 



4. Type the new password in the New Password box. 

5. Retype the new password in the Confirm Password box. 

6. Click OK. 




5 

Uninstalling 

C•CURE Enhanced 


This chapter describes Enhanced Password Protection uninstallation 

procedures. 


Uninstalling The Software .............................................................................................. 5-2 


Uninstalling The Software 


You can uninstall the C•CURE Enhanced Password Protection feature from 

your systems using the Windows Add/Remove Programs dialog box. 

To Uninstall Enhanced Password Protections 

1. Log onto the computer with appropriate privileges. Refer to the C•CURE 

800/8000 Installation Guide for information on system privileges. 


3. Double-click Add or Remove Programs. The Add or Remove Programs 

dialog box opens, similar to the one shown in Figure 5-1 on page 5-2. 

Figure 5-1: Add/Remove Programs Window 

4. Select C•CURE Password Protection and click Change\Remove. The 

Install Shield Wizard opens, followed by the Confirm Uninstall message 

box, shown in Figure 5-2 on page 5-3. 



Figure 5-2: Confirm Uninstall Message 

5. Click OK, the program uninstalls and the following dialog box appears, 

as shown in Figure 5-3 on page 5-3. 

Figure 5-3: C•CURE Password Protection Uninstall Completed Dialog Box 

6. Select one of the following: 

• Yes, I want to restart my computer now to restart your computer. 

• No, I will restart my computer later to restart you computer at a later 

time. 

NOTE 

Software House recommends that you restart your computer once the 

uninstall completes. 

7. Click Finish 




Index 

C 


installation 

DVD, using 3-2 

over network 3-3 

procedures 3-2 to 3-7 

pre-installation tasks 2-1 

C•CURE idle time-out 

setting 4-9 

Caution symbol ix 

CCEPPCPL.cpl 3-9 

CCURE account management in Windows 2003/ 

XP 

deleting an account 4-13 

disabling an account 4-14 

enabling an account 4-14 

modifying a password 4-15 

overview 4-12 

CCURE EPP Settings.See C•CURE Idle Time-out 

CCURE user account 

adding to CCURE group on domain 

controller 2-11 

creating on domain controller 2-8 

overview 2-8 

CCURE User group 


CCUREXPGina.dll 3-9 

Conventions used in this manual ix 

Conventions, documentation ix 

D 

Danger symbol ix 

Deleting 

CCURE user account from Windows 2003/ 

XP 4-13 

Directory privileges 

overview 4-2 

setting 

in Windows 2003/XP 4-2 

Disabling 

CCURE user account in Windows 2003/ 

2000/XP 4-14 

Documentation, conventions ix 

Domains 

password protection in 

creating user accounts 2-8 

creating user groups 2-3 

introduction 2-2 

E 

Enabling 

CCURE user account in Windows 2003/XP 

4-14 

Exclusions 

setting 4-9 


Index–1

Index 

F 

File privileges 

overview 4-2 

setting 


Finding more information vii 

H 

Help viii 

How to use this manual vi 

I 

Information, finding more vii 

Installing password protection software 

DVD, using 3-2 

over the network 3-3 


M 

Manager user account 



overview 2-8 

Manager user account creating 

on domain controller 2-8 

Manual, how to use vi 

Modifying password on Windows 2003/XP 4-16 

N 

Native.exe 3-9 

Note symbol ix 

Novell 

Dynamic Local User 3-8 

Net services software 3-8 

NetWare 5.1 3-8 

To setup Novell for use with C•CURE 800/ 

8000 Client 3-8 

ZENWorks 3-8 

Novell Setup for C•CURE 800/8000 Client 3-8 

P 

Password 

modifying on Windows 2003/XP 4-16 

rules 4-7 

traditional authentication for C•CURE 800 

1-3 


features 1-3 

installing 

over the network 3-3 


using the DVD 3-2 


overview 1-3 

post-installation tasks 4-1 

pre-installation tasks 2-1 

uninstalling 5-2 

Post-installation tasks 

C•CURE idle time-out 

exclusions 4-9 

setting 4-9 


managing password policy 4-7 

locally 4-8 

managing user accounts 4-12 

deleting an account 4-12 

disabling 4-14 

Index–2 


Index 

enabling 4-14 

modifying a password 4-15 

overview 4-12 

setting file/directory privileges 4-2 


R 

Rules/policies, for passwords 4-7 

S 

Setting file and directory privileges 


T 

Time-out 

setting 4-9 

Tip symbol ix 

U 

Uninstalling password protection 5-2 

User account 




overview 2-8 

User group 


W 

Warning symbol ix 


Index–3

Index 

Index–4

Enhanced Password Protection Installation and Configuration Guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?